11/8/2023 0 Comments Avast vs ccleaner![]() ![]() In a blog post this morning, Cisco Talos Intelligence's Edmund Brumaghin, Ross Gibb, Warren Mercer, Matthew Molyett, and Craig Williams reported that Talos had detected the malware during beta testing of a new exploit-detection technology. When successful, they can give malware authors what amounts to the keys to the software developer's kingdom-their compilation tools and signing certificates, as well as access to their workflow for software updates. "Watering hole" attacks, such as the ones used against Facebook, Apple, and Twitter four years ago, are often used to compromise the computers used by software developers. ![]() A compromised software update server for Ukraine software vendor M.E.Doc was used to distribute the NotPetya ransomware attack in July. Software updates are increasingly being targeted by distributors of malware, because they provide a virtually unchecked path to infect millions-or even billions-of computers. ![]() The malware, which was distributed through the update server for the Windows cleanup utility CCleaner, was apparently inserted by an attacker who compromised the software "supply chain" of Piriform, which was acquired by Avast in July. There have been more than 2 billion downloads of CCleaner worldwide, so the potential impact of the malware is huge. A software package update for a Windows utility product distributed by antivirus vendor Avast has been spreading an unsavory surprise: a malware package that could allow affected computers to be remotely accessed or controlled with what appears to be a legitimate signing certificate. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |